General

  • Target

    JaffaCakes118_62b5b1e2ce552524d16787ac662426c7

  • Size

    326KB

  • Sample

    250102-e99awawnbj

  • MD5

    62b5b1e2ce552524d16787ac662426c7

  • SHA1

    7ca9e8938473837bd293e64d5c0980eb34a552c9

  • SHA256

    9018cde236258a5fa5b4be5a8a56d483a403b9324c779f98a9fb3898bc6ea1f8

  • SHA512

    a50f6e283f969315ba8ccf538ddf15583e09c7a25f09ecb40da631db36fc47fa3de6906c4713903013962766354b103a9ec9afdac53aa010ddc1d04aa1b69221

  • SSDEEP

    6144:SDVak0cSWDokL405WHaIEEGb6UqCDeCV88zqLhTfKXroSFK:S5xoz0RIje6UqU8D9TfKboSFK

Targets

    • Target

      JaffaCakes118_62b5b1e2ce552524d16787ac662426c7

    • Darkcomet

      DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.

    • Darkcomet family

    • Checks computer location settings

Looks up the country code configured in the registry, most likely used as a geofence so the sample does not run in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

    • UPX packed file

Detects executables packed with the open-source UPX packer or with a modified UPX build (for example one that renames the default UPX0/UPX1 sections).
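Two of the indicators above can be checked statically, before anything is detonated: whether a file on hand is really the sample the report describes (hash comparison) and whether it carries the UPX markers the "UPX packed file" signature keys on. The Python below is an added example, not part of the sandbox report and not DarkComet or UPX code; the PE images it parses are constructed header-only skeletons, not the real sample, and the hashes are copied from the General section.

```python
"""Static triage helpers for the indicators in the report above.

Added example, not part of the sandbox report or of DarkComet/UPX.  The PE
images used below are constructed header-only skeletons, not the real sample.
"""
import hashlib
import struct

# Hashes copied verbatim from the report's General section.
REPORT_HASHES = {
    "md5": "62b5b1e2ce552524d16787ac662426c7",
    "sha1": "7ca9e8938473837bd293e64d5c0980eb34a552c9",
    "sha256": "9018cde236258a5fa5b4be5a8a56d483a403b9324c779f98a9fb3898bc6ea1f8",
}

# Section names written by stock UPX; a modified build may rename them.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}
# Magic string at the start of UPX's pack header; survives most section
# renames, but a determined packer can patch it out as well.
UPX_PACKHEADER_MAGIC = b"UPX!"


def hash_bytes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of an in-memory file, keyed like the report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data: bytes) -> bool:
    """True only if every hash agrees with the report (SHA256 alone would do;
    comparing all three also catches a typo in a copied indicator)."""
    return hash_bytes(data) == REPORT_HASHES


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return the section names with their NUL padding stripped."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]   # NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]      # SizeOfOptionalHeader
    table = coff + 20 + opt_size                                 # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        off = table + i * 40                                     # 40-byte section headers
        raw = data[off:off + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\0"))
    return names


def upx_indicators(data: bytes) -> list:
    """Return the UPX evidence found: matching section names and/or the
    pack-header magic.  An empty list means neither heuristic fired, which
    is not proof that the file is unpacked."""
    found = []
    for name in pe_section_names(data):
        if name in UPX_SECTION_NAMES:
            found.append("section:" + name.decode("ascii", "replace"))
    if UPX_PACKHEADER_MAGIC in data:
        found.append("packheader-magic")
    return found


def is_upx_packed(data: bytes) -> bool:
    return bool(upx_indicators(data))


def build_fake_pe(section_names) -> bytes:
    """Constructed header-only PE32 image for exercising the parser; it
    carries no code and is not the analysed sample."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew: PE header follows DOS header
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)              # PE32 optional-header magic
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", n.ljust(8, b"\0"), 0, 0, 0, 0, 0, 0, 0, 0, 0)
        for n in section_names
    )
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


if __name__ == "__main__":
    stock = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])
    renamed = build_fake_pe([b".text", b".data"]) + UPX_PACKHEADER_MAGIC
    clean = build_fake_pe([b".text", b".data"])
    print("stock UPX   :", upx_indicators(stock))
    print("renamed UPX :", upx_indicators(renamed))
    print("clean       :", upx_indicators(clean))
    print("matches report:", matches_report(clean))
```

Run it against a real file by reading it in binary mode and passing the bytes to `matches_report` and `upx_indicators`. A hit from either UPX heuristic is worth an unpack attempt (stock `upx -d` usually fails on modified builds, which is exactly when the section-rename case above applies); no hit still leaves the "Executes dropped EXE" and "SetThreadContext" behaviour to be confirmed dynamically.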

MITRE ATT&CK Enterprise v15

Tasks